PREFACE
Protection of Personal Data ESSA EŞANJÖR SAN. MANUFACTURE. DIC AND FOREIGN TRADE. LTD. STI. of great importance to We meticulously keep the information of anyone who has left us any personal data by contacting us in any way. We have taken all necessary measures within the company to ensure the security of this information. With ESSA, you can transact with the feeling that your personal data will be safe. Both T.C. We will comply with your rights regarding your data, which are secured by the Constitution and the Laws. Below, we share with you the Privacy Policy that has been put into effect in our company.
You can be sure that we will show all sensitivity to your suggestions for improvement, your applications and possible complaints. You can contact us for all your doubts about your personal data. We will show the same sensitivity and care in the protection of your personal data as in all our services.
Regards,
ESSA EXCHANGER IND. MANUFACTURE. DIC AND FOREIGN TRADE. LTD. STI.
Purpose
Until today, ESSA EXCHANGER IND. MANUFACTURE. DIC AND FOREIGN TRADE. LTD. STI. (hereinafter “ESSA”), the personal data collected in accordance with the sensitivity of the business we deal with is kept confidential and never shared with third parties for any purpose other than their purpose. Protection of personal data is the basic policy of our company. Even before there was any legal regulation, our company attached great importance to the privacy of personal data and adopted this as a working principle. As ESSA, we are committed to complying with all the responsibilities brought by the Personal Data Protection Law.
Scope and Replacement
This Policy, prepared by our company, has been prepared in accordance with the Law on the Protection of Personal Data No. 6698 (“KVKK”). The law has entered into force with all its provisions as of today.
The data obtained from you with your consent or due to other legal compliance conditions listed in the Law will be used to increase the quality of the services we provide and to improve our quality policy. Again, some of the data we have is depersonalized and anonymized. These data are used for statistical purposes and are not subject to Law enforcement and our Policy.
The ESSA Privacy Policy aims to protect the automatically obtained data of our customers, prospective customers, employees, customers and employees of companies working in partnership with us, or other persons, and includes regulations regarding these.
Our company has the right to change our policy and our Regulation/Directive, provided that it is in compliance with the Law and that personal data is better protected.
Basic Rules Regarding the Processing of Personal Data
Compliance with the law and honesty rules: ESSA questions the source of the data it collects or comes to it from other companies and attaches importance to obtaining them in accordance with the law and honesty.
Accurate and up-to-date when necessary: ESSA attaches importance to the fact that all data within the institution are correct, do not contain false information, and finally, if there is a change in personal data, they are updated if they are communicated to it.
Processing for specific, clear and legitimate purposes: ESSA processes data only for the purposes it offers and for which it receives consent from individuals during the service. It does not process, use and make use of data other than for business purposes.
Being connected, limited and measured for the purpose for which they are processed: ESSA uses data only for the purpose for which they are processed and to the extent required by the service.
Retention for the period stipulated in the relevant legislation or required for the purpose for which they are processed: ESSA retains the contractual data as long as the conflict periods of the Law and the requirements of commercial and tax law. However, when these purposes disappear, it deletes or anonymizes the data. It deletes or destroys them according to the Personal Data Deletion Directive.
It should be emphasized that, whether ESSA has collected or processed the data on the basis of consent or in accordance with the law, these principles listed above still apply.
Rights of Personal Data Owners Listed in Article 11 of the KVK Law
According to article 11 of the KVKK, you have the rights listed below. In order to facilitate these rights, an application form has also been prepared for you by ESSA and presented to you on our website.
Persons whose personal data are processed, by applying to our contact announced on our website by ESSA, regarding their own data;
Learning whether personal data is processed or not,
If personal data has been processed, requesting information about it,
Learning the purpose of processing personal data and whether they are used in accordance with its purpose,
Knowing the third parties to whom personal data is transferred at home or abroad,
Requesting correction of personal data in case of incomplete or incorrect processing and requesting notification of the transaction made within this scope to the third parties to whom the personal data has been transferred,
In the framework of the conditions stipulated in Article 7 of the KVK Law, although it has been processed in accordance with the provisions of the KVK Law and other relevant laws, in the event that the reasons requiring its processing disappear, to request the deletion or destruction of the personal data and to request the notification of the transaction made in this context to the third parties to whom the personal data has been transferred,
Objecting to the emergence of a result against the person himself by analyzing the processed data exclusively through automated systems,
In the event that personal data is damaged due to unlawful processing, it has the right to demand the compensation of the damage. As ESSA, we respect these rights.
Maximum Savings Policy/Stinginess Policy
According to this policy, which is called the principle of maximum savings or the principle of stinginess, the data reaching ESSA is processed into the system only as necessary. Therefore, what data we collect is determined by the purpose. Unnecessary data is not collected. Other data transmitted to our company are transferred to company information systems in the same way. Redundant information is not recorded in the system, deleted or anonymized. These data can be used for statistical purposes.
Deletion of Personal Data
Personal data is deleted, destroyed or anonymized by our company, automatically or upon the request of the person concerned, when the periods required by law to be kept, the completion of the judicial processes or other requirements are eliminated.
Accuracy and Timeliness of Data
As a rule, the data within the body of ESSA are processed as declared by the relevant persons. ESSA is not obliged to investigate the accuracy of the data declared by customers or persons contacting ESSA, and this is not done legally and due to our working principles. The declared data is considered correct. The principle of accuracy and timeliness of personal data has also been adopted by ESSA. It updates the personal data that our company has processed from the official documents it receives or upon the request of the person concerned. It takes the necessary measures for this.
Privacy and Data Security
Personal data is confidential and ESSA respects this confidentiality. Only authorized persons can access personal data within the company. All necessary technical and administrative measures are taken to protect the personal data collected by ESSA, to prevent it from falling into the hands of unauthorized persons and to prevent the data owner from being victimized. In this framework, it is ensured that the software complies with the standards, that the third parties are carefully selected and that the Privacy Policy is complied with within the company. The companies with whom we share personal data in accordance with the law are also requested to protect the data.
Data Processing Purposes
The Processing of Personal Data of ESSA will be carried out in line with the purposes specified in the Clarification Text.
Customer, Prospective Customer and Business and Solution Partners Data
Collection and Processing of Data for Contractual Relationship
If a contractual relationship is established with customers and prospective customers, the collected personal data can be used without the customer's consent. However, this use takes place in accordance with the purpose of the contract. The data is used to the extent of better execution of the contract and the requirements of the service and updated when necessary by contacting the customers.
Business and Business Partners Data
ESSA adopts the principle of acting in accordance with the law when sharing data with both business and solution partners. Data is shared with business and solution partners with the commitment of data confidentiality and only as much as the service requires, and these parties are requested to take measures to ensure data security.
Advertising Data Processing
In accordance with the Law on the Regulation of E-Commerce and the Regulation on Commercial Communications and Commercial Electronic Messages, e-mails for advertising purposes can only be sent to persons with prior approval. The explicit consent of the person to whom the advertisement is sent is essential.
ESSA also complies with the details of the "approval" determined in accordance with the same legislation. The approval to be obtained should cover all commercial electronic messages sent to the electronic communication addresses of the recipients in order to promote your company's goods and services, market it, promote its business or increase its recognition with content such as congratulations and wishes. This approval can be obtained in writing, in the physical environment or by any electronic means of communication. The important thing is that the buyer has a positive declaration of will that he accepts the sending of commercial electronic messages, his name and surname and electronic communication address.
Data Transactions Due to the Company's Legal Obligation or Explicitly Established in the Law
Personal data may be processed without obtaining separate approval for the purpose of expressly stating the processing in the relevant legislation or fulfilling a legal obligation determined by the legislation. The type and scope of data processing must be necessary for legally permitted data processing and must comply with relevant legal provisions.
Company Data Processing
Personal data may be processed in line with the service offered by the company and its legitimate purposes. However, the data cannot be used for illegal services in any way.
Processing of Special Qualified Data
ESSA takes all adequate measures, which are also determined by the Board, in the processing of sensitive personal data. Special categories of personal data are processed in our company in accordance with the "Privacy and Processing of Personal Data Policy".
Data Processed by Automatic Systems
ESSA acts in accordance with the Law on data processed through automated systems. The information obtained from these data cannot be used against the person without the explicit consent of the people. However, ESSA can make decisions about the people it will process using the data in its own system.
User Information and Internet
In case of collection, processing and use of personal data on websites and other systems or applications belonging to ESSA, the relevant persons are informed about the privacy statement and, if necessary, about cookies.
People are informed about our applications on the internet pages. Personal data will be processed in accordance with the law.
Data of Our Employees
Processing of Data for Business Relationship
Personal data of our employees can be processed without consent as far as necessary in terms of business relations and health insurance. However, ESSA ensures the confidentiality and protection of the data of its employees.
Processing by Legal Obligations
ESSA may process the personal data of its employees without obtaining separate approval for the purpose of expressly stating the processing in the relevant legislation or fulfilling a legal obligation determined by the legislation. This issue is limited to the obligations arising from the law.
Processing for the Benefit of Employees
ESSA may process personal data without obtaining consent for transactions in the interest of company employees, such as private health insurances. For disputes arising from business relations, ESSA may also process employee data.
Processing of Special Qualified Data
According to the Law, data related to the race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, disguise and dress, membership of associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data is personal data of special nature.
In the processing of sensitive personal data, ESSA takes adequate measures, determined separately by the Board, in addition to the approval of the person concerned. Special categories of personal data can be processed without the consent of the person, but only in relation to the cases permitted by the Law and in a limited manner.
Data Processed by Automatic Systems
Employees' data processed in relation to automated systems can be used for internal promotions and performance evaluations. Our employees have the right to object to the result against them, and they do so by following internal procedures. The objections of the employees are also evaluated within the company.
Telecommunications and Internet
The computer, telephone, e-mail and other applications allocated to the employees within the company are allocated to the employee only for business purposes. The employee cannot use any of these means allocated to him by the company for his private purposes and communication. The company can control and audit all data on these vehicles. The employee undertakes that he/she will not keep any other data or information other than work on the computer, phones or other tools allocated to him from the moment he starts to work.
Domestic and International Transfer of Personal Data
Personal data may be shared with the controlling shareholder and also with business and solution partners in order for ESSA to see the service.
ESSA will be able to transfer personal data to ESSA's suppliers on a limited basis in order to ensure that the services that our Company outsources from the supplier and that are necessary to carry out our Company's commercial activities are provided to our Company.
ESSA has the authority to transfer personal data within the scope of the conditions determined by the Board, in accordance with the other conditions in the Law and subject to the consent of the person, within the country and abroad.
Rights of the Relevant Person
ESSA accepts that within the scope of the Law, the data subject has the right to obtain his consent before the data is processed, and that he has the right to determine the fate of the data after the data is processed.
Regarding personal data, by applying to our contact announced by ESSA on our website;
a) Learning whether your personal data is processed or not,
b) If personal data has been processed, requesting information about it,
c) Learning the purpose of processing personal data and whether they are used in accordance with its purpose,
ç) To know the third parties to whom personal data is transferred in the country or abroad,
d) Requesting correction of personal data in case of incomplete or incorrect processing,
e) Requesting the deletion or destruction of personal data within the framework of the conditions stipulated in Article 7,
f) Requesting notification of the transactions made pursuant to subparagraphs (d) and (e) to third parties to whom personal data has been transferred,
g) Objecting to the emergence of a result against the person himself by analyzing the processed data exclusively through automated systems,
ğ) In case of loss due to unlawful processing of personal data, he has the right to demand the compensation of the damage.
However,
Individuals do not have any rights regarding the anonymized data within the company. ESSA may share personal data with relevant institutions and organizations in order to exercise the legal powers of a judicial duty or state authority in accordance with the business and contractual relationship.
Personal data owners will be able to submit their requests regarding the above-mentioned rights to the Company by filling in the application form, which you can obtain from the official website of the Company. Your applications will be answered as soon as possible depending on the content of your application or within 30 days at the latest after it reaches our company. In addition, only the part of your application will be answered, and an application about your spouse, relative or friend will not be accepted.
ESSA may request other relevant information and documents from the applicants.
Privacy Policy
The data of employees or other persons in ESSA is confidential. No one can use, copy, reproduce, transfer to others, use this data for any other purpose, except for business purposes, without contract or compliance with the law.
Transaction Security
All necessary technical and administrative measures are taken to protect the personal data collected by ESSA, to prevent it from falling into the hands of unauthorized persons and to prevent our customers and prospective customers from being victims. In this framework, it is ensured that the software complies with the standards, that the third parties are carefully selected and that the Privacy Policy is complied with within the company. Safety measures are constantly being renewed and improved.
Audit
ESSA carries out the necessary internal and external audits on the protection of personal data.
Notice of Violations
When ESSA is notified of any breach of personal data, it takes immediate action to remedy the breach. When personal data is obtained by unauthorized persons, it immediately notifies the Personal Data Protection Board.
With the notification of violations, you can apply according to the procedures specified in our corporate website.